[Rd] invalid permissions
Koenker, Roger W
rkoenker @end|ng |rom ||||no|@@edu
Tue Oct 22 12:58:36 CEST 2024
Ivan,
Many, many thanks!
Best,
Roger
> On Oct 22, 2024, at 10:44 AM, Ivan Krylov <ikrylov using disroot.org> wrote:
>
> Dear Prof. Roger Koenker,
>
> On Tue, 22 Oct 2024 09:08:12 +0000
> "Koenker, Roger W" <rkoenker using illinois.edu> wrote:
>
>>> fN <- rqss(y~qss(x,constraint="N")+z)
>>
>> *** caught segfault ***
>> address 0x0, cause 'invalid permissions’
>
> Given a freshly produced quantreg.Rcheck directory, I was able to
> reproduce this crash by running
>
> R -d gdb
> # make sure that the package version under check will be loaded
> .libPaths(c("quantreg.Rcheck", .libPaths()))
> library(quantreg)
> example(plot.rqss)
>
> The crash happens in the Fortran code:
>
> Thread 1 "R" received signal SIGSEGV, Segmentation fault.
> 0x00007ffff3d77bd4 in pchol (m=5, n=1, xpnt=..., x=..., mxdiag=6971508156.8648586, ntiny=0, iflag=0,
> smxpy=0x7ffff3d75b80 <smxpy8>,
> tiny=<error reading variable: Cannot access memory at address 0xe00000000>,
> large=<error reading variable: Cannot access memory at address 0x5b14e898>) at cholesky.f:4927
> 4927 IF (DIAG .LE. tiny * MXDIAG) THEN
> (gdb) bt
> #0 0x00007ffff3d77bd4 in pchol
> (m=5, n=1, xpnt=..., x=..., mxdiag=6971508156.8648586, ntiny=0, iflag=0, smxpy=0x7ffff3d75b80 <smxpy
> 8>, tiny=Cannot access memory at address 0xe00000000
> #1 0x00007ffff3d77d7a in chlsup
> (m=5, n=1, split=..., xpnt=..., x=..., mxdiag=6971508156.8648586, ntiny=0, iflag=0, mmpyn=0x7ffff3d7
> 9d90 <mmpy8>, smxpy=0x7ffff3d75b80 <smxpy8>, tiny=Cannot access memory at address 0xe00000000
> #2 0x00007ffff3d7849c in blkfc2
> (nsuper=<optimized out>, xsuper=..., snode=..., split=..., xlindx=..., lindx=..., xlnz=..., lnz=...,
> link=..., length=..., indmap=..., relind=..., tmpsiz=10, temp=..., iflag=0, mmpyn=0x7ffff3d79d90 <mmpy8
>> , smxpy=0x7ffff3d75b80 <smxpy8>, tiny=Cannot access memory at address 0xe00000000
> #3 0x00007ffff3d78bad in blkfct
> (neqns=<optimized out>, nsuper=<optimized out>, xsuper=..., snode=..., split=..., xlindx=..., lindx=
> ..., xlnz=..., lnz=..., iwsiz=796, iwork=..., tmpsiz=10, tmpvec=..., iflag=0, mmpyn=0x7ffff3d79d90 <mmpy
> 8>, smxpy=0x7ffff3d75b80 <smxpy8>, tiny=Cannot access memory at address 0xe00000000
> #4 0x00007ffff3d7516d in chlfct
> (m=201, xlindx=..., lindx=..., invp=..., perm=..., iwork=..., nnzdsub=1588, jdsub=..., colcnt=..., n
> super=197, snode=..., xsuper=..., nnzlmax=197231, nsubmax=2615, xlnz=..., lnz=..., id=..., jd=..., d=...
> , cachsz=64, tmpmax=100244, level=8, tmpvec=..., split=..., ierr=0, it=1, timewd=...) at chlfct.f:125
> #5 0x00007ffff3d8bfdf in slpfn
> (n=398, m=<optimized out>, nnza=1193, a=..., ja=..., ia=..., ao=..., jao=..., iao=..., nnzdmax=1193,
> d=..., jd=..., id=..., dsub=..., jdsub=..., nsubmax=2615, lindx=..., xlindx=..., nnzlmax=197231, lnz=..
> ., xlnz=..., invp=..., perm=..., iwmax=1410, iwork=..., colcnt=..., snode=..., xsuper=..., split=..., tm
> pmax=100244, tmpvec=..., newrhs=..., cachsz=64, level=8, x=..., s=..., u=..., c=..., y=..., b=..., r=...
> , z=..., w=..., q=..., nnzemax=1789, e=..., je=..., ie=..., dy=..., dx=..., ds=..., dz=..., dw=..., dxdz
> =..., dsdw=..., xi=..., xinv=..., sinv=..., ww1=..., ww2=..., small=9.9999999999999995e-07, ierr=0, maxi
> t=100, timewd=...) at srqfn.f:238
> #6 0x00007ffff3d8ccdb in srqfn
> (n=<optimized out>, m=<optimized out>, nnza=1193, a=..., ja=..., ia=..., ao=..., jao=..., iao=..., n
> nzdmax=1193, d=..., jd=..., id=..., dsub=..., jdsub=..., nnzemax=1789, e=..., je=..., ie=..., nsubmax=26
> 15, lindx=..., xlindx=..., nnzlmax=197231, lnz=..., xlnz=..., iw=..., iwmax=1410, iwork=..., xsuper=...,
> tmpmax=100244, tmpvec=..., wwm=..., wwn=..., cachsz=64, level=8, x=..., s=..., u=..., c=..., y=..., b=.
> .., small=9.9999999999999995e-07, ierr=0, maxit=100, timewd=...) at srqfn.f:27
> #7 0x00007ffff7b037a2 in do_dotCode # <-- R code starts here
> (call=<optimized out>, op=<optimized out>, args=<optimized out>,
> env=<optimized out>)
>
> So both TINY and LARGE are invalid pointers at this point, suspiciously
> small ones at that (on my 64-bit Linux, a typical pointer looks like
> 0x7fffff?????? or 0x5555????????, with a few more non-zero digits).
> Where do they come from?
>
> At chlfct.f (frame 4 above) lines 124-125 we have a function call:
>
> 124 call blkfct(m,nsuper,xsuper,snode,split,xlindx,lindx,xlnz,
> 125 & lnz,iwsiz,iwork,tmpsiz,tmpvec,ierr,mmpy8,smxpy8)
>
> The function is defined in cholesky.f:
>
> 623 SUBROUTINE BLKFCT ( NEQNS , NSUPER, XSUPER, SNODE , SPLIT ,
> 624 & XLINDX, LINDX , XLNZ , LNZ , IWSIZ ,
> 625 & IWORK , TMPSIZ, TMPVEC, IFLAG , MMPYN ,
> 626 & SMXPY, tiny, Large )
>
> It has two more arguments (tiny and Large) than chlfct gives to it.
> That must be the source of the error. Adding the missing arguments to
> the function calls avoids the crash:
>
> --- quantreg/src/chlfct.f 2019-08-06 15:30:35.000000000 +0300
> +++ quantreg/src/chlfct.f 2024-10-22 12:35:55.000000000 +0300
> @@ -113,16 +113,20 @@
> timbeg = gtimer()
> if (level .eq. 1) then
> call blkfct(m,nsuper,xsuper,snode,split,xlindx,lindx,xlnz,
> - & lnz,iwsiz,iwork,tmpsiz,tmpvec,ierr,mmpy1,smxpy1)
> + & lnz,iwsiz,iwork,tmpsiz,tmpvec,ierr,mmpy1,smxpy1,
> + & tiny, large)
> elseif (level .eq. 2) then
> call blkfct(m,nsuper,xsuper,snode,split,xlindx,lindx,xlnz,
> - & lnz,iwsiz,iwork,tmpsiz,tmpvec,ierr,mmpy2,smxpy2)
> + & lnz,iwsiz,iwork,tmpsiz,tmpvec,ierr,mmpy2,smxpy2,
> + & tiny, large)
> elseif (level .eq. 4) then
> call blkfct(m,nsuper,xsuper,snode,split,xlindx,lindx,xlnz,
> - & lnz,iwsiz,iwork,tmpsiz,tmpvec,ierr,mmpy4,smxpy4)
> + & lnz,iwsiz,iwork,tmpsiz,tmpvec,ierr,mmpy4,smxpy4,
> + & tiny, large)
> elseif (level .eq. 8) then
> call blkfct(m,nsuper,xsuper,snode,split,xlindx,lindx,xlnz,
> - & lnz,iwsiz,iwork,tmpsiz,tmpvec,ierr,mmpy8,smxpy8)
> + & lnz,iwsiz,iwork,tmpsiz,tmpvec,ierr,mmpy8,smxpy8,
> + & tiny, large)
> endif
> if (ierr .eq. -1) then
> ierr = 10
>
>
> --
> Best regards,
> Ivan
More information about the R-devel
mailing list